Bugtraq mailing list archives

Re: Denial of Service Against pcAnywhere.


From: six () MINDLESS COM (Patrick Turcotte)
Date: Wed, 3 May 2000 17:42:28 -0400


Greetings

Following vacuum's post... I did some testing, since colleagues of mine
have pcAnywhere running in a production environment (yes, I *am* ashamed of
reporting NT stuff ;-) ):

nmap v2.51 installed on Solaris 7 host, on the same LAN as the host, as the
scanning platform

network environment: switched 100 Mbps LAN

NT 4.0 Workstation SP1 host, pcAnywhere 9.0.0 build 133, Win98 SE client,
pcAnywhere 9.0.0 build 133: nmap -sT -sU, nmap -sS and nmap -sT all cause
pcAnywhere host app to stop answering connection requests

NT 4.0 Workstation SP5 host, pcAnywhere 9.0.0 build 133, Win98 SE client,
pcAnywhere 9.0.0 build 133: nmap -sT causes pcAnywhere host app to stop
answering connection requests

NT 4.0 Workstation SP5 host, pcAnywhere 9.2.0 build 239, Win98 SE client,
pcAnywhere 9.2.0 build 239: nmap -sT causes pcAnywhere host app to stop
answering connection requests

All tests were done both in unencrypted mode and with pcAnywhere
encryption, with no difference in the results.  A simple cancelling and
restarting of the pcAnywhere host service fixed the crash, but this kind of
defeats the purpose of remote administration, doesn't it?  And yes, where
vacuum needed a SYN scan, a simple TCP scan was necessary here, for obscure
reasons.  Some tests were also done with other portscanners, but didn't
produce the same effect; if there is some interest out there, I'll explore
this avenue further.

The information was forwarded to Symantec's tech support.

Salutations, and long live Bugtraq.

Six

At 04:40 PM 25/04/00 -0500, vacuum wrote:
> While performing a routine network audit, a TCP SYN scan caused
> every pcAnywhere Host service on the network to stop responding.

_______________________________________________________
Patrick Turcotte                                This is who we are.

six () mindless com

